This is the fourth part of the blog series on cyber security, continuing from its third part on Scareware, RogueAV and Ransomware. It focuses on the dangers of choosing weak passwords, the consequences of recycling the same password across different online accounts, and a few tips on how to determine a suitably strong password.
In today’s digital age, people’s lives seem to revolve around passwords. Passwords to online portals play an important role in securing access to a user’s online information, whether financial, professional or personal. Hence, users are perennially advised to always secure their accounts with strong passwords.
Many online portals alert users about inadequate password strength when they set up the login credentials for a user account. Some online portals may even enforce a strong password before the account is set up. Users must consider password depth when deciding on an account’s password, so that the password cannot be hacked easily.
From a security perspective, using the same password for multiple accounts is dangerous, both for personal accounts and in a professional environment. In this case a hacker need hack only one account to obtain the credentials for the victim’s other accounts and the sensitive information held therein.
Users should beware the consequences of using weak passwords. Here are a few of the common mistakes which lead to weak passwords:
- Passwords which have been used previously
- A user’s friend’s or family member’s name or date of birth
- Favourite food/place name
- A user’s own name
- A single word from a dictionary
- A common name
- The username reused as the password
- Keyboard patterns/swipes, etc., e.g. qwerty
Hackers usually try to break into an account by first attempting common words as passwords, and then more complicated words built from combinations. This process, a simple form of “brute-force attack”, need not be done by hand; it is automated using hacking tools. Here is an example to show how much time it would take [1] for a hacker to crack a user’s password:
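The following Python example is added here for illustration and is not part of the original post. It estimates the worst-case exhaustive-search time for a candidate password and flags several of the mistakes listed above. The guess rate, the word list and the keyboard rows are constructed assumptions, and only ASCII passwords are considered.

```python
import string

# Assumed attacker speed in guesses per second (illustrative, not from the article).
GUESSES_PER_SECOND = 1e10

# Constructed sample data; a real check would use a large breached-password list.
COMMON_WORDS = {"password", "letmein", "dragon", "monkey", "welcome"}
KEYBOARD_RUNS = ("qwertyuiop", "asdfghjkl", "zxcvbnm", "1234567890")

# Character classes an exhaustive search has to cover (space counted with punctuation).
CLASSES = (string.ascii_lowercase, string.ascii_uppercase,
           string.digits, string.punctuation + " ")


def charset_size(password):
    """Size of the alphabet implied by the character classes the password uses."""
    return sum(len(cls) for cls in CLASSES if any(c in cls for c in password))


def brute_force_seconds(password, rate=GUESSES_PER_SECOND):
    """Worst-case time to try every password of this length over that alphabet.

    This is an upper bound: common words are tried first, so a password that
    shows up in weaknesses() falls long before the search space is exhausted.
    """
    return charset_size(password) ** len(password) / rate


def weaknesses(password, username="", previous=()):
    """Return which of the listed mistakes the candidate password makes."""
    low = password.lower()
    found = []
    if password in previous:
        found.append("used previously")
    if username and low == username.lower():
        found.append("same as username")
    if low in COMMON_WORDS:
        found.append("single common word")
    # A run of four or more adjacent keys, typed forwards or backwards.
    if len(low) >= 4 and any(low in run or low[::-1] in run for run in KEYBOARD_RUNS):
        found.append("keyboard pattern")
    return found


if __name__ == "__main__":
    for candidate in ("qwerty", "Th!sL00ks5trOng:-)"):
        print(candidate, f"{brute_force_seconds(candidate):.3g} s", weaknesses(candidate))
```
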
In order to safeguard against these types of attacks, here are a few tips on how to choose and maintain a secure password:
- Use unique passwords for every account, i.e. never repeat passwords across online accounts
- Use a long, alphanumeric password with punctuation to match the recommended password strength, e.g. Th!sL00ks5trOng:-)
- Never leave a login session open or waiting to time out automatically. Log out/sign out immediately once the work is done
- Never share your passwords or any account credentials with others
- Back up login credentials on different devices/media in encrypted format to avoid data loss in the case of lost/stolen devices
- Use a reputable Password Manager to assist you in managing your passwords
Benefits of using a Password Manager:
- A Password Manager can generate strong passwords
- It can save your credentials and auto login/fill-in the next time you visit a known site, provided password security is ensured
- You don’t have to worry about forgetting passwords
Choose a Password Manager that ensures data security by encrypting the passwords.
References:
1. https://howsecureismypassword.net/
… to part 5: Social networking
Image courtesy of:
commoncraft.com
K7 Threat Control Lab